
CVE-2006-2758: Jetty Directory Traversal Vulnerability

CVSS Score
5.0 (CVSS v2)

Basic Information

EPSS Score
0.80708%
Published
5/1/2022
Updated
2/12/2024
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Package Name              Ecosystem   Vulnerable Versions   First Patched Version
org.mortbay.jetty:jetty   maven       <= 6.0.beta16         (not listed)

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper path normalization when handling URL-encoded characters. Jetty's ResourceHandler serves static resources by mapping request URLs to filesystem paths: its getResource method decodes the URL path and builds a filesystem path from the result. If the traversal check performed after decoding looks only for the forward-slash form ("../") and not the backslash form ("..\"), a backslash sequence passes through. The reported trigger, %2e%2e%5c, decodes to "..\" (%2e is "." and %5c is "\"), which suggests the handler did not treat the backslash as a path separator during normalization. The underlying operating system may: on a Windows host "\" does separate path components, so the undetected "..\" climbs out of the document root and exposes arbitrary readable files. Handling "/" but not "\" is a common oversight in Java web servers that run on multiple platforms; the robust check is to unify both separators, normalize, and then verify that the resolved path still lies inside the document root.
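The following is an added model of the decode-then-check flaw described above; it is illustrative code, not Jetty's ResourceHandler. It assumes a constructed document root (DOCROOT, a hypothetical Windows path) and uses Python's ntpath module to reproduce Windows path semantics, where a backslash separates components, without touching a real filesystem. resolve_vulnerable mirrors the behaviour the analysis describes (only "../" is rejected after decoding), and resolve_hardened shows the containment check that closes the gap.

```python
r"""Model of a decode-then-check traversal flaw (added example, not Jetty code).

resolve_vulnerable(): decodes the URL path, rejects "../", but never treats
a backslash as a separator, so %2e%2e%5c ("..\") reaches the OS path
routines and climbs out of the root on a Windows filesystem.
resolve_hardened(): decodes once, unifies both separators, normalizes, and
enforces that the final path stays inside the document root.
"""
import ntpath
import posixpath
from urllib.parse import unquote

# Constructed example document root (hypothetical path, not from the advisory).
DOCROOT = "C:\\jetty\\webapps\\root"


class TraversalRejected(Exception):
    """Raised when a request path would escape the document root."""


def resolve_vulnerable(url_path: str, docroot: str = DOCROOT) -> str:
    """Decode, then check only for the forward-slash traversal form."""
    decoded = unquote(url_path)
    # The modelled flaw: "../" is caught, "..\" is not.
    if "../" in decoded or decoded.startswith(".."):
        raise TraversalRejected(url_path)
    # Windows semantics (ntpath): "\" separates components, so "..\" walks up.
    return ntpath.normpath(ntpath.join(docroot, decoded.lstrip("/")))


def resolve_hardened(url_path: str, docroot: str = DOCROOT) -> str:
    """Decode once, unify separators, normalize, then enforce containment."""
    decoded = unquote(url_path)
    # A leftover "%" means a second encoding layer (e.g. %252e); a NUL byte is
    # never a legitimate resource name. Reject rather than decode again.
    if "%" in decoded or "\x00" in decoded:
        raise TraversalRejected(url_path)
    # Treat "\" exactly like "/" before any traversal check, then collapse
    # "." and ".." so leading ".." components surface at the front.
    relative = posixpath.normpath(decoded.replace("\\", "/").lstrip("/"))
    if relative == ".." or relative.startswith("../"):
        raise TraversalRejected(url_path)
    root = ntpath.normpath(docroot)
    candidate = ntpath.normpath(ntpath.join(root, relative.replace("/", "\\")))
    # Final gate: the resolved path must be the root or live beneath it. This
    # also catches drive-letter or UNC targets that ntpath.join treats as
    # absolute and that would otherwise replace the root entirely.
    cand_cmp, root_cmp = ntpath.normcase(candidate), ntpath.normcase(root)
    if cand_cmp != root_cmp and not cand_cmp.startswith(root_cmp + "\\"):
        raise TraversalRejected(url_path)
    return candidate


def is_rejected(resolver, url_path: str) -> bool:
    """True if the resolver refuses the request path."""
    try:
        resolver(url_path)
    except TraversalRejected:
        return True
    return False


if __name__ == "__main__":
    probe = "/%2e%2e%5c%2e%2e%5c%2e%2e%5cWindows%5cwin.ini"  # constructed request
    print("vulnerable resolves probe to:", resolve_vulnerable(probe))
    print("hardened rejects probe:", is_rejected(resolve_hardened, probe))
    print("hardened serves legit path:", resolve_hardened("/css/../images/logo.png"))
```

The containment check at the end is the part that matters: a resolver that only greps the decoded string for known bad sequences has to enumerate every separator, encoding and platform quirk, whereas comparing the normalized result against the root is independent of how the traversal was spelled.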


WAF Protection Rules

WAF Rule

Directory traversal vulnerability in Jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a `%2e%2e%5c` (encoded `..\`) in the URL. NOTE: this might be the same issue as CVE-****-****.
